8f7606e13005c44c2e7dc693046ad4f2ae537adcaa3ccd5cdfad7a9798d53125

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:25

Target

74f6cebf3e37bb799c05592370e05a3a.exe
Size

751KB
MD5

74f6cebf3e37bb799c05592370e05a3a
SHA1

2c6e5f713bd20746eadb7caf86c4b72f4701564f
SHA256

8f7606e13005c44c2e7dc693046ad4f2ae537adcaa3ccd5cdfad7a9798d53125
SHA512

2edf0ab29d3290daebf79cdd15d9d67f43465a63199a863b80307912943982c73ffe70487efeb709b38f318079947add61ce09ee781d44b286a5bf34a0a41e39
SSDEEP

12288:IMu0p4ve3FTxdZq/6xtrDwBMVE3lwx/cHDB2YCNFVAzBcTSNl6q/:wapFTjQ/6nEBK0wdcHMbGzBcTE

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

dddrrllsjjjs.exe

pid process

2700 dddrrllsjjjs.exe

pid	process
2700	dddrrllsjjjs.exe

Drops file in Program Files directory 2 IoCs

Processes:

74f6cebf3e37bb799c05592370e05a3a.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\dddrrllsjjjs.exe	74f6cebf3e37bb799c05592370e05a3a.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSInfo\dddrrllsjjjs.exe	74f6cebf3e37bb799c05592370e05a3a.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

Notepad.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Notepad	Notepad.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Notepad\iWindowPosX = "125"	Notepad.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Notepad\iWindowPosY = "125"	Notepad.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Notepad\iWindowPosDX = "768"	Notepad.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Notepad\iWindowPosDY = "556"	Notepad.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

74f6cebf3e37bb799c05592370e05a3a.exedddrrllsjjjs.exe

description	pid	process	target process
PID 1112 wrote to memory of 2160	1112	74f6cebf3e37bb799c05592370e05a3a.exe	Notepad.exe
PID 1112 wrote to memory of 2160	1112	74f6cebf3e37bb799c05592370e05a3a.exe	Notepad.exe
PID 1112 wrote to memory of 2160	1112	74f6cebf3e37bb799c05592370e05a3a.exe	Notepad.exe
PID 1112 wrote to memory of 2160	1112	74f6cebf3e37bb799c05592370e05a3a.exe	Notepad.exe
PID 2700 wrote to memory of 2764	2700	dddrrllsjjjs.exe	Notepad.exe
PID 2700 wrote to memory of 2764	2700	dddrrllsjjjs.exe	Notepad.exe
PID 2700 wrote to memory of 2764	2700	dddrrllsjjjs.exe	Notepad.exe
PID 2700 wrote to memory of 2764	2700	dddrrllsjjjs.exe	Notepad.exe

C:\Windows\SysWOW64\Notepad.exe
Notepad
2⤵
- Modifies data under HKEY_USERS
PID:2764

C:\Program Files\Common Files\Microsoft Shared\MSInfo\dddrrllsjjjs.exe
Filesize
751KB

MD5
74f6cebf3e37bb799c05592370e05a3a

SHA1
2c6e5f713bd20746eadb7caf86c4b72f4701564f

SHA256
8f7606e13005c44c2e7dc693046ad4f2ae537adcaa3ccd5cdfad7a9798d53125

SHA512
2edf0ab29d3290daebf79cdd15d9d67f43465a63199a863b80307912943982c73ffe70487efeb709b38f318079947add61ce09ee781d44b286a5bf34a0a41e39

Download Submit
memory/1112-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1112-6-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2700-3-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2700-5-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download